Skip links

Singapore infosec boss warns China/West tech split will be bad for interoperability

One of the biggest challenges Singapore faces is the potential for a split between tech stacks developed and used by China and the West, according to the island nation’s Cyber Security Administration (CSA) chief executive David Koh.

“If you look at it from a historical perspective, Singapore has benefited from being an open economy,” Koh said at the Black Hat Asia conference on Thursday. He attributed the country’s wealth to its role as the center of major trade routes – a function the city-state still cherishes in many ways today.

“It is in our economic and strategic interest to continue to benefit from trade and an open economy,” he continued. “Tech bifurcation actually goes in the opposite direction.” How, after all, can a trade hub thrive when some markets don’t want anything to do with others?

“It’s the supply chain, where the kit is made, right?” he posed. “You have to secure your supply chain picks from your trusted suppliers.” And if China no longer trusts the West, or vice versa, Singapore’s role in the middle diminishes.

Koh’s worries aren’t fanciful. Recent geopolitical tensions have seen the US prevent the export of many technologies to China, while politely insisting its friends and allies follow its lead. China has responded by accelerating development of indigenous tech and requiring local orgs to use it.

Koh thinks the result could be different stacks that don’t work together.

“I’m old enough to remember that when you went to Japan, you once had to use another phone, because the tech stack is different. And I don’t want to go back to those days,” lamented Koh.

Koh also observed that interoperability is not always a good thing. The CSA chief noted that data protecting national security is one example of an asset for which interoperability is not always a requirement.

Singapore punches above its weight when it comes to cyber security. The country ranked second in the Asia Pacific region as of July last year on the National Cyber Security Index – a measurement of government readiness to prevent and manage cyber threats.

“One of the big advantages is that we are small and nimble,” he mused. While such matters would be a disadvantage in the physical world, in the digital domain it allows decisions to be made quickly with fewer barriers to action.

“We can probably lock up most of our senior people in one room … and not allow them out until we sorted it,” he joked.

Koh conceded it would help to be a bigger when it comes to influencing standards through its purchasing power. For example, Singapore has little control over requiring products to be secure by design.

“What serves the Singapore market? You know, it’s a blip. As far as our financials are concerned, this is a bit of a loss. So if they [technology vendors] have to make that trade off, they’re not going to come here,” bemoaned the chief.

But that doesn’t mean the city-state won’t make its case anyway: “I think it’s important to say and speak up. Because then you get that feedback loop to the industry to say that this is what is desired.” ®